[PATCH net-next] genetlink: start to validate reserved header bytes
Jason A. Donenfeld
Jason at zx2c4.com
Mon Aug 29 16:32:54 UTC 2022
Hi Jakub,
On Wed, Aug 24, 2022 at 05:18:30PM -0700, Jakub Kicinski wrote:
> diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c
> index d0f3b6d7f408..0c0644e762e5 100644
> --- a/drivers/net/wireguard/netlink.c
> +++ b/drivers/net/wireguard/netlink.c
> @@ -621,6 +621,7 @@ static const struct genl_ops genl_ops[] = {
> static struct genl_family genl_family __ro_after_init = {
> .ops = genl_ops,
> .n_ops = ARRAY_SIZE(genl_ops),
> + .resv_start_op = WG_CMD_SET_DEVICE + 1,
> .name = WG_GENL_NAME,
> .version = WG_GENL_VERSION,
> .maxattr = WGDEVICE_A_MAX,
FWIW, I wouldn't object to just leaving this at zero. I don't know of
any wireguard userspaces doing anything with the reserved header field.
Jason
More information about the Linux-security-module-archive
mailing list